Friday 22 July 2005
- sms.ac?... just say no!, vURL feedback, The Tom Liston Fanclub
sms.ac... just say no!
For well over a year I have been receiving silly little e-mails from sms.ac claiming "1 friend(s) that invited you to join their mobile friends network". Being myself, I've quite quickly deleted said e-mails upon arrival.
This time however, I decided to do a little investigating into what they really are and why they are coming to myself. An initial Google search turned up quite a few interesting sites, most notably;
How now, brownpau? - Spam from sms.ac
Russel Beattie Notebook - SMS.ac is a scam
Diane Meade's 'Off the Cuff' - Told you so!
As I do not actually know the person that sms.ac is claiming sent me the invitation, I have to ask myself, where did they get my e-mail from?, did they spider a forum or website I've posted on?.. quite possibly. Alas, reading up on them, it is more likely someone I know or used to know, registered with sms.ac unaware the lovely boys and girls that run this "company", like to spam people.
As I do not wish to regurgitate the comments found all over the web concerning this rather annoying scam, I would simply like to finish by recommending those thinking of trying this "service", instead stay well away from it, and recommend others do so too. Though this will most likely not teach sms.ac a lesson in how NOT to behave, it may just encourage them enough to sit up and take notice.
Before I do finish however, I am rather intruiged by the content of their e-mail or more specifically, the snail mail address they so graciously provide. The address provided in the e-mail shows;
SMS.ac, Inc., 255 G Street #723, San Diego, Ca 92101 USA
Whereas a WhoIs query on sms.ac shows;
SMS Inc. 7770 Regents Road Suite 113-405 San Diego CA 92122 US
Although one can understand why they aren't being entirely forthcoming, you'd have thought they would atleast be consistent.
E-mail screenshot: http://mysteryfcm.co.uk/misc/sms_ac_invmail.gif
I would just like to extend a huge thankyou to everyone that has sent feedback on the new vURL webpage dissection service thus far.
Although originally written as an alternative to similar services that required fee's for one thing or another, vURL has taken off alot better than I originally expected. At present, there are only two bugs I am aware of (due to the nature of the bugs, there is nothing I can do to rectify them), however, should you find any, or indeed, have any comments or suggestions on this service, please do not hesitate to let me know.
The Tom Liston Fanclub
Tom Liston, handler for the Internet Storm Center, certainly has a way with words. No where else is this more obvious than in his "Follow the bouncing malware" series.
For those that do not visit the ISC and/or have not read this series, FTBM takes you on a journey in the shoes of Joe Average (without a doubt the most unlucky person in the world) as he surfs the web like a teenager in heat. As this series will celebrate it's first birthday tomorrow (23rd), I thought it only right that it gets it's first birthday present (yes I know, a pint and a pizza would have probably been more appropriate).
The first part of this series was published a July 23rd 2004 and gave the perfect example of why you should be extremely careful with search engine results as his computer was infected by not one, not two, but several different parasites.
Part 2, following on from Joes initial introduction into the wierd and wonderful world of malware, took you behind the scenes of the "gifts" his computer was so kindly given. In Tom's unrivalled and extremely humorous way of investigating, he presents you with the code behind the malware and explains exactly where they originate and what they do to poor Joe's computer.
Released November 4th 2004, Part 3 gives you a lesson on a lovely little file called "hp1.exe", a file created with Visual Basic that accompanied the rest of the parasites as they took a vacation to Joe's place. As you would expect, Joe's computer by this time, has found itself many new friends. From roings to media-motor to game shows such as Mastermind, hp1 lived upto the reputation Tom built up for it as a "real piece of work".
Part 4, published November 24th 2004, saw Joes computer saved from further infections (atleast temporarily) as Tom took a quick detour to give us a lesson in IP and domain assignments. In a style only he could pull off, you are introduced to everywhere from Canada to Texas to New Hampshire and some guy called Sanford "Spam King" Wallace (just one of the many edgits responsible for Joes new friends).
Being that Tom provided us with much needed education and laughs in previous editions, you just knew Part 6 was going to be something special, especially with a swanky sub-title, and he certainly did not let us down. Part 6, following on from Joe's unfortunate choices, takes us onto codecs (Joe is obviously into his pornography a little too much) and why they should be avoided when coming from unknown, untrusted and dare I say it, very dubious sources.
The latest edition, published July 20th 2005, introduces us to a lovely little file called "vc3_05.exe". As you've probably guessed, this file is out to show Joe why pleasure of the intimate kind, should be saved for when Joe eventually gets off of his backside and finds himself a girlfriend. From dialers to law enforcement to Gold, part 7 does not let us down as Tom takes us on a walk down malware lane.
For those that have not yet read the FTBM series, below are links to each edition.
FTBM - Part I - http://isc.sans.org/diary.php?date=2004-07-23
FTBM - Part II - http://isc.sans.org/diary.php?date=2004-08-23
FTBM - Part III - http://isc.sans.org/diary.php?date=2004-11-04
FTBM - Part IV - http://isc.sans.org/diary.php?date=2004-11-24
FTBM - Part V - http://isc.sans.org/diary.php?date=2005-05-11
FTBM - Part VI - http://isc.sans.org/diary.php?date=2005-07-13
FTBM - Part VII - http://isc.sans.org/diary.php?date=2005-07-20
FTBM - Part VIII - http://isc.sans.org/diary.php?date=2005-08-22
FTBM - Part IX - http://isc.sans.org/diary.php?date=2005-09-21
FTBM - Part IX - http://isc.sans.org/diary.html?storyid=2682
FTBM - Part XI - http://isc.sans.org/diary.html?storyid=6349
Tom's website: http://www.intelguardians.com
<< Back to News